Zabbix has disclosed three security vulnerabilities affecting multiple versions of its monitoring agents and servers. The most critical, identified as CVE-2025-27237, has a CVSS score of 7.3 (high severity) and allows local attackers to escalate privileges in Windows environments. The other two vulnerabilities, CVE-2025-49641 and CVE-2025-27231, are rated medium severity and involve an access-control weakness and a credential-disclosure issue, respectively.
Vulnerability details
CVE-2025-27237 affects Zabbix Agent and Agent 2 for Windows. The flaw stems from loading the OpenSSL configuration file from a path that low-privileged users can modify; a local attacker who tampers with that file can achieve privilege escalation through DLL injection. CVE-2025-49641 allows a regular Zabbix user who lacks access to the Monitoring → Problems view to still call the problem.view.refresh action and retrieve the list of active problems. CVE-2025-27231 leaks the LDAP connection password when a super administrator changes the LDAP host to an unauthorized server.
Affected versions and patches
The affected versions include 6.0.0 to 6.0.40, 7.0.0 to 7.0.17, 7.2.0 to 7.2.11, and 7.4.0 to 7.4.1 of Zabbix Agent, Agent 2, and Server. Zabbix has released patches in versions 6.0.41, 7.0.18, 7.2.12, and 7.4.2 for all three vulnerabilities.
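The affected and fixed versions above are easy to misread when checking a fleet by hand, so the following added example (not Zabbix's or SEK's code) encodes the four ranges from the advisory and classifies a version string as affected, patched, or not listed. It assumes the input is either a bare "x.y.z" string or a banner of the form "zabbix_agentd (Zabbix) x.y.z" as printed by the agent's -V option; the sample inputs at the bottom are constructed for illustration.

```python
"""Classify a Zabbix version string against the affected ranges in the advisory."""
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

# Inclusive affected ranges and the fixed release for each branch,
# exactly as listed in the advisory (6.0, 7.0, 7.2 and 7.4 branches).
AFFECTED_RANGES = [
    ((6, 0, 0), (6, 0, 40), (6, 0, 41)),
    ((7, 0, 0), (7, 0, 17), (7, 0, 18)),
    ((7, 2, 0), (7, 2, 11), (7, 2, 12)),
    ((7, 4, 0), (7, 4, 1), (7, 4, 2)),
]


def parse_version(text: str) -> Version:
    """Extract the first x.y.z version from a bare string or a banner such as
    'zabbix_agentd (Zabbix) 7.0.17' (banner format is an assumption)."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def fmt(version: Optional[Version]) -> Optional[str]:
    """Render a version tuple back to dotted form (None passes through)."""
    return None if version is None else ".".join(str(p) for p in version)


def assess(text: str) -> dict:
    """Return the version, its status relative to the advisory, and the fixed release.

    status is one of:
      'affected'   - inside a listed vulnerable range
      'patched'    - on a listed branch but above its last vulnerable version
      'not listed' - on a branch the advisory does not mention
    """
    version = parse_version(text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= version <= high:
            return {"version": fmt(version), "status": "affected", "fixed_version": fmt(fixed)}
        # Same major.minor branch but newer than the last affected release.
        if version[:2] == low[:2] and version > high:
            return {"version": fmt(version), "status": "patched", "fixed_version": fmt(fixed)}
    return {"version": fmt(version), "status": "not listed", "fixed_version": None}


if __name__ == "__main__":
    # Constructed sample banners; in practice these would come from an inventory export.
    samples = [
        "zabbix_agentd (Zabbix) 6.0.40",
        "zabbix_agent2 (Zabbix) 7.0.18",
        "zabbix_server (Zabbix) 7.2.11",
        "7.4.2",
        "7.3.5",
    ]
    for banner in samples:
        result = assess(banner)
        print(f"{result['version']:>8}  {result['status']:<10}  fixed in: {result['fixed_version']}")
```

The "not listed" status is deliberate: a branch the advisory does not mention (7.3 in the sample) should be checked against the vendor's release notes rather than silently treated as safe.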
In this context, SEK recommends:
- Testing the updates in non-production environments before deploying to production.
- Immediately updating Zabbix Agent, Agent 2, and Server to the fixed versions provided by the vendor.
- Reviewing Zabbix user access permissions and applying the principle of least privilege to minimize the attack surface.
SEK is actively monitoring this situation and remains available to assist clients with the implementation of fixes, impact assessment, and proactive identification of vulnerable instances.